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Response to Amendment 

1 . This action is in response to the amendment received on 09/22/2004. 

2. The finality of the office action mailed on 12/22/2004 is withdrawn as described in 
interview summary dated April 20, 2005. 

3. Claims 1-16 are pending. 

Claim Rejections - 35 USC §102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 
35 U.S.C. 102(e)). 

5. Claim 1, 2, 5, 8, 9, 14, and 15 are rejected under 35 U.S.C. 102(e) as being anticipated by 
US Patent No. 6,601, 1 14 to Bracha et al, hereinafter called Bracha. 

Per claims 1 and 2: 
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Bracha disclose: 

- A code verification system (col. 7, lines 55-56 "instructions verification within the verify 
instructions step") 

- memory for storing (col. 10, line 53 "storage device into memory"); a compiled program 

(col. 10, lines 46-47 "instructions typically generated by a compiler") and 
- a code verifier configured to analyze instructions of said program (col. 10, line 62 
"verification is performed by the ATVP' and col. 10, lines 65-66 "verification includes 
identifying. . . instruction sequence") and to generate a plurality of type signatures based 
on said instructions (col 17, lines 30-32 "pre- verification constraints. . . stored. . . or the 
module itself, or both, . . have attached a signal, such as a digital signature"), each of said 
type signatures indicating each input type constraint and each output type description for 
a respective one of said instructions (col 17, lines 33-35 "can be used to reUably 
identify the source of the module or constraints and indicate whether they may have 
been tampered with since being signed"), wherein said code verifier is configured to 
detect a type error by analyzing said type signatures (col. 17, lines 36-37 "intra-module 
verification checks of validity. . .during conventional verification"). 

Per claim 5: 

Bracha disclose: 

- memory for storing a compiled program (col. 10, line 53 "storage device into memory" 
and col. 10, lines 46-47 "instructions typically generated by a compiler"); and 
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- a code verifier configured to analyze a code block of said program (col. 10, line 62 
"verification is performed by the JVM' and col. 10, lines 65-66 "verification includes 
identifying. . . instruction sequence") and to translate instructions within said code block 
into a plurality of type signatures (col. 17, Unes 30-32 "pre-verification constraints. . . 
stored. . . or the module itself, or both. . . have attached a signal, such as a digital 
signature"), said code verifier further configured to compose said type signatures into a 
single composed type signature and to detect a type error by analyzing said type 
signatures (col. 17, lines 36-37 "intra-module verification checks of validity. . . during 
conventional verification") 

Per claims 8, 9, 14, and 15: 

Bracha disclose: 

- storing a compiled program (col. 10, line 53 "storage device into memory" and (col. 10, 
lines 46-47 "instructions typically generated by a compiler"); 

- generating a plurality of type signatures based on instructions v^ithin said program (col. 
17, lines 30-32 "pre-verification constraints. . . stored. . . or the module itself, or both. , . 
have attached a signal, such as a digital signature"), each of said type signatures 
indicating each input type constraint and each output type description for a respective one 
of said instructions (col. 17, lines 33-35 "can be used to reUably identify the source of the 
module or constraints and indicate whether they may have been tampered with since 
being signed"); 
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- analyzing said type signatures; and detecting a type error based on said analyzing step 
(col. 17, lines 36-37 "intra-module verification checks of validity. . . during conventional 
verification") 

Substantially as claimed. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this 
title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

7. Claim 3, 4, 6, 7, 10-13, and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bracha in view of US Patent No. 6,092,147 to Levy et al., hereinafter called Levy. 

Per claim 11: 
Bracha disclose: 

- storing a compiled program (col. 10, line 53 "storage device into memory" and (col. 10, 
lines 46-47 "instructions typically generated by a compiler");, said compiled program 
having at least one code block that includes a plurality of instructions (col. 9, lines 50-55 
"a compiler 164 which compiles the source code 162 to produce one or more modules 
165, 166 containing instructions such as VM instructions, and a processor such as a 
virtual machine (VM) 167 which takes one or more modules 165, 166 as input and 
executes the program they generate"); 
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- translating said instructions into a plurality of type signatures (col. 17, lines 30-32 "pre- 

verification constraints. . . stored. . . or the module itself, or both. . . have attached a 
signal, such as a digital signature"); 

- analyzing said type signatures (col. 10, line 62 "verification is performed by the JVM" 

and col. 10, lines 65-66 "verification includes identifying... instruction sequence"); and 
detecting a type error based on said analyzing step (col. 17, lines 36-37 "intra-module 
verification checks of validity. . .during conventional verification") 

Bracha does not explicitly disclose composing said type signatures into a single composed type 
signature. 

However, Levy discloses in an analogous computer system composing said type 
signatures into a single composed type signature (col. 7, Unes 25-26 "authenticity verifier 82. . . 
compute a proof of authenticity on the bytecode(s) received from the outside world" and col. 7, 
lines 32-34 "a message authentication code of a pre-defined form computed with a block-cipher 
algorithm, or a digital signature of a pre-defined form computed with an asymmetric algorithm"). 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to incorporate the method of code verifier composing the signature and 
determine the input constraint to an output constraint as taught by Levy into the method of 
verification code as taught by Bracha. The modification would be obvious because of one of 
ordinary skill in the art would be motivated to compose the verification signature and determine 
input/output constraints to securely distribute code as suggested by Levy (col. 2, lines 17-30). 
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Per claims 3, 7, 10, 13, and 16: 

The rejection of claim 1, 5, 10, and 1 1 is incorporated, respectively, and further, Bracha disclose: 

- wherein said code verifier is further configured to analyze said program and to group 
instructions of said program into a pluraUty of code blocks (col. 18, Unes 62-65 "FIG. 8 
shows how a module, which has been verified one-module-at-a-time before run time") 

- wherein said code verifier is configured to translate said code blocks into type signature 
blocks (col 17, lines 40-42 "substantially complete module-by-module pre-verification 
can be performed for the intra-module checks" and col. 17, lines 30-32 "pre-verification 
constraints. . . stored. . . or the module itself, or both. . . have attached a signal, such as a 
digital signature") 

- each of said type signature blocks having one or more type signatures (col. 17, lines 31- 
32 "module itself, or both. . . have attached a signal, such as a digital signature"), 

Bracha does not explicitly disclose said code verifier further configured to compose the type 
signatures of each of said type signature blocks into a single respective composed type signature. 

However, Levy discloses in an analogous computer system said code verifier further 
configured to compose the type signatures of each of said type signature blocks into a single 
respective composed type signature (col. 7, lines 25-26 "authenticity verifier 82. . . compute a 
proof of authenticity on the bytecode(s) received fi"om the outside world" and col. 7,' lines 32-34 
"a message authentication code of a pre-defined form computed with a block-cipher algorithm, 
or a digital signature of a pre-defined form computed with an asynmietric algorithm"). 
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Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to incorporate the method of code verifier composing the signature and 
determine the input constraint to an output constraint as taught by Levy into the method of 
verification code as taught by Bracha. The modification would be obvious because of one of 
ordinary skill in the art would be motivated to compose the verification signature and determine 
input/output constraints to securely distribute code as suggested by Levy (col. 2, lines 17-30). 

Per claim 4: 

The rejection of claim 3 is incorporated, and further, Bracha disclose: 

- said code verifier further configured to make a determination as to whether an input type 
constraint of said first type signature is acceptable to an output type description of said 
second type signature (col. 17, hnes 33-35 "can be used to reliably identify the source of 
the module or constraints and indicate whether they may have been tampered with since 
being signed") 

- said code verifier further configured to.detect said type error based on said determination 
(col. 17, lines 36-37 "intra-module verification checks of validity. . .during conventional 
verification") 

Bracha does not explicitly disclose wherein said code verifier, in composing one of said type 
signature blocks, is configured to compose a first type signature with a second type signature to 
form a single composed signature, said first and second type signatures included within said one 
type signature block. 
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However, Levy discloses in an analogous computer system wherein said code verifier, in 
composing one of said type signature blocks, is configured to compose a first type signature with 
a second type signature to form a single composed signature, said first and second type 
signatures included within said one type signature block (col. 7, lines 25-26 "authenticity verifier 
82. . . compute a proof of authenticity on the bytecode(s) received fi-om the outside world" and 
col. 7, lines 32-34 "a message authentication code of a pre-defined form computed with a block- 
cipher algorithm, or a digital signature of a pre-defined form computed with an asymmetric 
algorithm"). 

The feature of composing signature blocks would be obvious for the reasons set forth in 
the rejection of claim 3. 

Per claims 6 and 12: 

The rejection of claim 5 and 11 is incorporated, respectively, and fiirther, Bracha disclose: 
- wherein said code verifier is further configured to detect said type error by comparing 
said type descriptions (col. 17, Unes 36-37 "intra-module verification checks of 
validity, . . during conventional verification") 

Bracha does not expUcitly disclose wherein one of said type signatures includes a type 
description indicative of a type of an input consumed by one of said instructions when said one 
instruction is executed, wherein another of said type signatures includes a type description 
indicative of a type of an output produced by another of said instruction when said other 
instruction is executed. 
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However, Levy discloses in an analogous computer system wherein one of said type 
signatures includes a type description indicative of a type of an input consumed by one of said 
instructions when said one instruction is executed (col 7, lines 35-38 "The authenticity verifier 
82 ensures that no bytecode(s) may reach the VM 78 or be executed by the VM unless the 
authenticity verifier has first successfully verified the authenticity of such bytecode(s)"), wherein 
another of said type signatures includes a type description indicative of a type of an output 
produced by another of said instruction when said other instruction is executed (col. 8, line 65 to 
col. 9 line 1 "a proof of authenticity may be generated, as described above, and the proof of 
authenticity may be appended to the verified bytecode(s) to produce an authenticated bytecode 
file"). 

The feature of signatures including type description of input/output would be obvious for 
the reasons set forth in the rejection of claim 3. 

Response to Arguments 
8. Applicant's arguments with respect to claims 1, 5, 8, and 1 1 have been considered but 
they are not persuasive. 
In the remarks^ the applicant has argued that: 

(i) For claims 1, 5, and 8 cited reference does not suggest the Umitations (1) generating a 
plurahty of signatures based on said instructions, (2) each type signature indicating each 
input type constraint, and (3) each type signature indicating each output type description for a 
respective one of said instructions. 
Examiner ^s response: 
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(i) Regarding the limitations as cited in claims 1, 5, and 8 applicant agrees that Bracha does 
disclose the verification process of module/class using the digital signature (applicant's 
amendment, page 10). Bracha verifies module-by-module using digital signature at pre- 
runtime in which it would be obvious to verify the instructions within the module/class. 
Thus, Bracha does disclose the limitations cited in the claims. Applicant only makes general 
allegations do not point out any errors in the rejection. Therefore, the rejection is proper and 
maintained herein. 

In the remarks, the applicant has argued that: 

(ii) For claim 1 1 combination of Bracha and Levy does not teach or suggest the limitation 
translating said instructions into a plurality of type signature and composing said type 
signatures into a single composed type signature as claimed. 

Examiner's response: 

(ii) Regarding the Umitations as cited in claim 1 1 . It is noted that the rejection clearly points 
out where the combination of Bracha and Levy teach the claimed features and why it would 
have been obvious to combine their teachings (see previous office action). AppUcant only 
makes general allegations do not point out any errors in the rejection. Therefore, the rejection 
is proper and maintained herein. 



Conclusion 

1 . The prior art made of record and not reUed upon is considered pertinent to appUcant's 
disclosure. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Satish S. Rampuria whose telephone number is (571) 272-3732. 
The examiner can normally be reached on 8:30 am to 5:00 pm Monday to Friday except every 
other Friday and federal holidays. Any inquiry of a general nature or relating to the status of this 
application should be directed to the TC 2100 Group receptionist: 571-272-2100 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

supervisor, Tuan Q. Dam can be reached on (571) 272-3695. The fax phone number for the 

organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent AppUcation 

Information Retrieval (PAIR) system. Status information for published appUcations may be 

obtained from either Private PAIR or PubUc PAIR. Status information for unpublished 

appUcations is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Satish S. Rampuria 
Patent Examiner 
Art Unit 2124 
05/18/2005 
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